[techtalk] Netstat weirdness

C. M. Martin caitlyn at netferrets.net
Tue Aug 15 17:20:31 EST 2000


Hi, everyone,

OK, I'm working on my third firewall in two weeks.  (Why does everyone want to
hire me for security work?  Are they that desperate?)  Anyway...

The box in question is running Caldera 2.4, with the patched version of the
2.2.14 kernel.  I'm having some port forwarding funkiness on this box, and in
troubleshooting it with someone who had a whole lot more Linux experience than
my couple of years, look what we found:

Here is the output from ifconfig, which is exactly what I'd expect:

eth0      Link encap:Ethernet  HWaddr 00:06:29:F5:3F:AD
          inet addr:63.251.67.58  Bcast:63.251.67.63  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4640 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3380 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:11

eth1      Link encap:Ethernet  HWaddr 00:06:29:AF:91:1E
          inet addr:192.168.0.20  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3325 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3078 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:10 Base address:0x2000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0   

Now, look at what netstat -nr gives me:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
63.251.67.56    0.0.0.0         255.255.255.248 U         0 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         63.251.67.57    0.0.0.0         UG        0 0          0 eth0 

Those first two destination addresses are *wrong*.  How can netstat, which I
believe reads directly from the kernel routing tables, get out of sync with
ifconfig?  More importantly, how on earth do I fix this?

The guy I was speaking with has seen this once before, on a SuSE box, but can't
remember how he fixed it.  Argh!

Ideas?

Thanks,
Caity
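
[Added example, not part of the original post.] A directly connected route is keyed by the network address, that is, the interface address ANDed with its netmask. The Python sketch below derives that value for each interface and compares it with the Destination/Genmask columns of `netstat -nr`; the sample input is trimmed from the output pasted above, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed input: trimmed from the ifconfig and netstat -nr output in the post.
IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:06:29:F5:3F:AD
          inet addr:63.251.67.58  Bcast:63.251.67.63  Mask:255.255.255.248
eth1      Link encap:Ethernet  HWaddr 00:06:29:AF:91:1E
          inet addr:192.168.0.20  Bcast:192.168.0.255  Mask:255.255.255.0
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
"""
NETSTAT = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
63.251.67.56    0.0.0.0         255.255.255.248 U         0 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         63.251.67.57    0.0.0.0         UG        0 0          0 eth0
"""

def connected_networks(ifconfig_text):
    """Map interface -> (network address, netmask) from address AND mask."""
    nets, iface = {}, None
    for line in ifconfig_text.splitlines():
        if line and not line[0].isspace():
            iface = line.split()[0]          # an unindented line starts a new interface
        m = re.search(r"inet addr:(\S+).*Mask:(\S+)", line)
        if m and iface:
            net = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
            nets[iface] = (str(net.network_address), str(net.netmask))
    return nets

def connected_routes(netstat_text):
    """Map interface -> (destination, genmask) for routes without the G flag."""
    routes = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0][0].isdigit() and "G" not in f[3]:
            routes[f[7]] = (f[0], f[2])
    return routes

def compare(ifconfig_text, netstat_text):
    """Return {iface: (expected, in_table, match)} for each configured interface."""
    expected, actual = connected_networks(ifconfig_text), connected_routes(netstat_text)
    return {i: (n, actual.get(i), actual.get(i) == n) for i, n in expected.items()}

if __name__ == "__main__":
    for iface, (want, have, ok) in compare(IFCONFIG, NETSTAT).items():
        print(iface, "expected", "/".join(want), "table", "/".join(have) if have else None, "ok" if ok else "MISMATCH")
```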





